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The  Rise  of  Complexity 
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•  Scale 

•  Interconnectedness 

•  Autonomy 

•  Time  criticality 

•  Security 

•  Safety 

•  Regulation 
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How  to  Handle  Complexity 


Models 

Process 

Architecture 

Risk  assessment 

Resiliency 

Evolution 

People 


SEI  Technologies  Forum 

Software  Engineering  Institute  Carnegie  Mellon  Twitter  #sEivirtuaiForum 

©  2011  Carnegie  Mellon  University 


Complex  Systems  at  the  SEI 


Ultra-Large-Scale 

Systems 

The  Software  Challenge 
of  the  Future 
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The  SEI  is  at  the  nexus  of  systems  and 
complexity: 

•  We  study  them  side-by-side 

•  For  25  years,  we’ve  been  helping  engineers 
design  and  manage  software  systems 

•  It’s  our  job  to  “ring  the  bell”  on  the  importance 
of  managing  complexity 

We  also  appreciate  risk  and  the  importance 
of  managing  it 

•  Continuous  risk  management 

•  Mosaic  suite  of  risk  management  tools 

•  Multi-view  models 

•  Mission  Success  in  Complex  Environments 
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Rising  Tide  of  Vuinerabiiities,  Risk 
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Recent  Pandalabs  Analysis  of 
Malware,  Viruses  in  Circulation 


Unique  Vulnerabilities 
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How  to  Handle  Cyber  Security  Issues 
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Secure  Coding 

Malware  Identification  and  Analysis 
Network  Situational  Awareness 
Recognizing  Insider  Threats 
Modeling  Resiliency  and  Continuity 
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Key  Principles  of  Resiliency  (1) 
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Continuity 
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A  key  aim  of  resiliency  (and 
managing  operational  risk) 

Business  Functions: 

•  Developing  and  executing 
continuity  plans,  recovery  plans, 
and  restoration  plans 

IT  Function: 

•  Developing,  implementing, 
and  managing  processes 
to  deliver  IT  services  and 
manage  IT  infrastructures 
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Resiliency  Maturity  Model  (1) 


CERT  -RMM^'^Vlei«3lON  1  .  1 


CERT"  Resilience 
Management  Model 


A  Maturity 
Model  for 
Managing 
Operational 
Resilience 


Richard  A.  Caralli 
Julia  H.  Allen 
David  W.  White 


What  is  CERT-RMM? 

CERT-RMM  is  a  maturity  modei  for 
managing  and  improving  operational 
resilience. 

•  Guides  implementation  and  management 
of  operational  resilience  activities 

•  Converges  key  operational  risk 
management  activities:  security,  business 
continuity/disaster  recovery,  and  IT 
operations 

•  Defines  maturity  through  capability  levels 
(like  CMMI) 

•  Improves  confidence  in  how  an 
organization  responds  in  times  of 
operational  stress 
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Connecting  the  Dots 


Today’s  presentations  include: 

Understanding  and  coping  with  complexity  &  cyber  security 

•  CMMI-SVC:  The  Strategic  Landscape  for  Service 

•  Software  Acquisition  Program  Dynamics 

•  Architectural  Implications  of  Cloud  Computing 

•  The  Insider  Threat:  Lessons  Learned  from  Actual  Insider  Attacks 

Dealing  with  the  smart  grid,  resiliency  and  software  development 

•  Smart  Grid  Maturity  Model 

•  Agile  Development  and  Architecture:  Understanding  Scale  and  Risk 

•  Measuring  Operational  Resilience 

•  Team  Software  Process  (TSP) 
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Contact  Information 
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Web 
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